Mohsin Chaudhry

I bring a wealth of experience and a strong drive as an Information Security Manager, with over a decade of dedicated service in the realms of Information Security, Governance, Risk and compliance, as well as Information Systems auditing, IT, and Project Management. My skill set includes robust problem-solving capabilities, adept consulting expertise, and excellent interpersonal skills. I possess the ability to meticulously analyse business requirements, formulate strategic approaches, and effectively communicate security solutions to both technical and non-technical stakeholders. I excel as a collaborative team member, placing a premium on nurturing and sustaining client relationships, all while achieving exceptional outcomes with high-performing teams."

COMPUTACENTER UK, HATFIELD, HERTS CONTRACT
Information Security Consultant (August 2022 – Current)
 Provided support for external audits and successfully achieved Cyber essential compliance.
 Identified and addressed gaps in Computacenter's security controls.
 Ensuring that all security issues from audits or risks raised are recorded, with ownership, and tracking remediation
tasks to closure/mitigation/acceptance of risks.
 Delivering a picture of the Vulnerability status at the Divisional and Business Unit levels.
 Contributed to and lead security risk assessments across security domains, projects, operational requirements, and
technical change initiatives.
 Pragmatically assessed risks and ensured alignment with information security policies and risk management
methodologies used within the information security management system (ISMS).
 Developed and participated in the implementation of client initiatives focused on the reduction of technology risk,
governance and compliance with policies and external regulatory compliance.
 Worked on implementing a central patching project to introduce a standard patching process within Computacenter
HUTCHISON 3G UK, MAIDENHEAD Permanent
Information Security Consultant (January 2019 – July 2022)
Hired as part of the International Security team to help develop, establish, and standardise Control Assurance,
Compliance Alignment within operational activities as they pertain to Internal Projects, Vulnerability Management, and 3rd
Party Vendor Management.
 Communicating security issues in an accessible manner at all levels of the organisation from Technician to Board,
applying judgment to guide decision making
 Prioritisation and expectation management with responsibility for influencing our Senior Management Team and roles
across all levels to protect Three now and in the future
 Working with a broad range of internal stakeholders including our shareholders and our Managed Service Partners
 Cloud Service Assessments: design, develop and establish a high-level set of control assurance questions for AWS
Mohsin Chaudhry | iMAILMOSH@GMAIL.COM | PAGE 2
cloud services.
 Risk Assessment: Ensuring all projects adhere to the information security management standards set by Three UK.
 Patch Management: Improved the patch management across the estate by raising awareness and working with
various teams to align the patch schedule process with Microsoft patch Tuesday and quarterly patching for non-
Windows OS where possible.
 Vulnerability Management: lead the team to expand the vulnerability management solution which had not been
operational since implementation 2015. Remediated all issues with the VLM tool and implemented best practice in the
organisation, worked through various challenges to ensure that the vulnerability tool is operational and covered the
estate.
 Contractual Analysis: Initiated 3rd Party assurance audit to ensure that the managed service providers are delivering
in line with the contract. All gaps identified during this audit were raised at the management team. This task was slightly
challenging however, making our partners accountable had a direct impact on the issues/challenges which were
stagnant.
 Reporting: Advice in implementing and maintaining a suite of security metrics to highlight the effectiveness of the
security strategy operation to be measured and related security issues to be understood and managed.
 Penetration Testing: Coordinated and steered tests; liaised with external penetration testers and internal stakeholders
to drive the penetration test forward, the findings of the penetration tests presented to the business for remediation.
COMPUTACENTER UK, HATFIELD, HERTS
DIRECT LINE GROUP, CHANNEL 4, LBIA, HAYS, FCA, VISA CONTRACT
INFORMATION SECURITY MANAGER (March 2015 – December 2018)
Worked as an information security manager for a managed service provider. Carried out an internal Compliance / Gap
Analysis project for a financial insurance company. Assigned to participate and lead in various security-related projects for
clients, including vulnerability assessments, penetration tests and PCI Audit. Wrote and reviewed ISO27001 information
security policies and produced detailed design documentation for services and solutions.
KEY ACHIEVEMENTS
▪ PCI DSS: Assisted QSA as Internal Security Assessor to lead on PCI audit. Contributed to scope definition,
documentation creation and arranged interviews; relayed results to stakeholders and recommended and implemented
remediation measures.
▪ Workplace Mentoring: Actively mentoring, training and guiding new starters and employees on various principles of
information security
▪ Achieved PCI DSS v3.1,v3.2 achieved Accreditation ff Compliance 2 years running.
▪ Successfully completed the Low Hanging Fruits initiative closing down the common avenue of compromise
▪ Creation of Information security policy frameworks, including the definition, roll-out and maintenance of policies, and
standards in accordance with ISO 27001 & PCI DSS v3.2.
▪ Information Security Management: BAU role; reviewed monthly security reports and resolved issues relating to Anti-
Virus, Patching, and Access control.
▪ PCI DSS: Assisted QSA as Internal Security Assessor to lead on PCI audit. Contributed to scope definition,
documentation creation and arranged interviews; relayed results to stakeholders and recommended and implemented
remediation measures.
▪ Gap Analysis: Worked on security gap analysis; reviewed design documents and highlighted areas for remediation;
successfully completed complex audit work to tight time schedule.
▪ ISMS Review: Assessment of the ISMS, highlighting non-conformities and prioritising remediation work.
▪ Penetration Testing Coordinated and steered tests; liaised with internal teams and stakeholders to drive pen test
activities.
▪ Policies/Processes - Designed and developed policy documentation. Drafted security control documents that fed into
the bespoke International 3rd Party Vendor Management tool. Developed process workflows for the 3rd Party Vendor
Management tool
▪ Vulnerability Management – program improvement and development of continuous vulnerability management.
Establishment of the current state using process maps and workflows. Responsible for configuring and running Qualys
scans and issuing results to the technical team for remediation.
▪ Vulnerability Assessment: Acted as a technical resource; delivered consultancy advice on planning, management and
execution of vulnerability assessment projects.
▪ Security Awareness - Provided guidance to lines of business on how and why to use the newly developed bespoke 3rd
Party Vendor Management tool. Contributed by giving future recommendations and assisting in its development and its
alignment to business needs.
▪ Maintenance, Monitoring & Analysis of Audit logs– Successfully integrated tools & technologies to Symantec MSS
SIEM tool. Storing of logs also aided the PCI project and facilitated meeting compliance with ISMS.
▪ Asset List –Created a quarterly review process to continuously review the CMDB, ADMB to ensure that data in the
asset list is accurate.
▪ Incident Management – Oversee creation of runbooks, creation of incident response plan & training technical teams to
identify, communicate & eradicate a security incident.
Mohsin Chaudhry | iMAILMOSH@GMAIL.COM | PAGE 3
▪ Reporting - Produce and distribute security monthly reports to C-Level executives highlighting risks and threats posed
to the company, including Information Security related issues and incidents
▪ Framework – Experience of developing and operating information security strategies and governance frameworks
HITACHI EUROPE LIMITED Permanent
SENIOR SOLUTION CONSULTANT (MAY 2010 – SEPTEMBER 2014)
Worked as a security consultant implementing security products to the retail sector, Government sector & Banking sector.
Key Achievements
▪ Successfully aided in winning numerous contracts for Hitachi Europe (Mcdonald’s, BTP Police).
▪ Developed support architecture for a security product to handle client issues swiftly.
▪ Creation of a technical lab with all customer environments for support purposes.
▪ Identity Access Management: Implementation of the IAM tool in accordance with the RBAC model.
▪ User Monitoring Tool: Configuration/Implementation of User Monitoring Tool for government and Retail Sector.
▪ Influencing business partners, and product developers in providing a comprehensive solution to clients.
▪ Manage client expectations all the way through the pre-sales and post-sales phases.
▪ Identify client requirements by classifying business processes and liaising with various levels of management
within the client business environment.
▪ Oversee testing of security products and services (Subject Matter Expert).
▪ Demonstrate relevant security solutions put together by Hitachi to potential clients.
▪ Architect template solutions with products sold by Hitachi.
▪ Participate in project board meetings, implementation meetings and product meetings.
▪ Advice Technical Head and Business Group Heads on Security solution projects.
HITACHI EUROPE LIMITED CONTRACT
Desktop Support Specialist (January 2008 – April 2010)
British Airport Authority (BAA) CONTRACT
Security Admin – (March 2006 - December 2008

QUALIFICATIONS
Certified in Risk and Information Systems Control (CRISC)
 Certified Information Security Manager (CISM)
 Microsoft Azure Security Engineer
 Prince 2 Foundation & Practitioner
 ITIL Foundation V3